Closed dependabot[bot] closed 1 week ago
The following issues were found:
Package | Version | License | Issue Type |
dompurify | ^3.1.3 | Null | Unknown License |
Package | Version | License | Issue Type |
dompurify | 3.1.3 | Null | Unknown License |
Package | Version | Score | Details | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
npm/dompurify | ^3.1.3 | :green_circle: 5.9 | Details
| ||||||||||||||||||||||||||||||||||||||||||||||||
npm/dompurify | ^3.1.2 | :green_circle: 5.9 | Details
| ||||||||||||||||||||||||||||||||||||||||||||||||
npm/dompurify | 3.1.3 | :green_circle: 5.9 | Details
| ||||||||||||||||||||||||||||||||||||||||||||||||
npm/dompurify | 3.1.2 | :green_circle: 5.9 | Details
|
@dependabot rebase
Superseded by #14488.
Bumps dompurify from 3.1.2 to 3.1.3.
Release notes
Sourced from dompurify's releases.
Commits
3fe78d7
chore: Preparing 3.1.3 releaseb20ce99
fix: Added smaller-than-null check for __depth hardening code1e52026
fix: Hardened the depth tracking code against prototype pollution8df72f1
fix: Made the regex for comment scrubbing a bit stricterae517d6
fix: Expanded the comment scrubbing regex matching a bit furtherb6818ce
fix: Added better configurability for new comment behavioraafd7a8
docs: Changed inline comments slightly to be more accuratea377bf8
test: Fixed the testsd1d5d22
fix: Added experiemental comment scrubbing inside attributesdc61232
fix #949You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show